-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
need to get the correct cacert.pem for AWS on CentOS boxes #325
Comments
This commit adds CentOS 5.11 to the test matrix. This requires working around a bug in the bento box where the cacert.pem bundle doesn’t have the VeriSign certificates that AWS uses. chef/bento#325 This workaround is applied as a recipe in the test cookbook because it may not be necessary for end users who may not have that certificate bundle.
I'm actually a little 👎 entirely on the overwriting of #318 also mentions this. |
I'll work up a PR for testing that removes these from the various ks.cfg's. |
* commit '8f09552fff04535f8f57e3ab423d45784fad1313': Fixes chef#325, chef#318 - don't download cacert.pem change mirror to http.debian.net, fixes chef#322 Fix minor typo in vm_name. update to debian 7.8 Added links to Fedora 21 boxes Update to Ubuntu 14.04.1. Fixes chef#290 Change company domain name to chef.io Update travis.yml for opscode to chef org rename Added Fedora 21 VB base boxes to README Remove EOL Fedora 19 content Fedora 19 is EOL as of January 6, 2015. https://lists.fedoraproject.org/pipermail/announce/2015-January/003248.html Make script zypper-locks.sh workable Conflicts: packer/debian-7.8-amd64.json packer/debian-7.8-i386.json
On CentOS, we download the cacert.pem bundle from the curl project.
The problem with this is explained in this mailing list post: http://curl.haxx.se/mail/archive-2014-10/0062.html
This manifests itself on CentOS when using Package Cloud for yum repositories, where, on the 5.11 box, it fails because SSL can't verify the certificate. Package Cloud has a valid SSL certificate, but their repositories are backed by AWS S3, so there's a redirect that happens, and SSL verification fails.
The text was updated successfully, but these errors were encountered: